Posted
by
timothy
on Sunday June 30, 2013 @01:31PM
from the joint-checking-account dept.

vikingpower writes "Clinkle, a new mobile payments start-up, may or may not have succeeded where so many other efforts have fizzled by inventing a practical way to replace credit cards with smartphones. It's hard to say, though, since Clinkle won't say much about how its system works. Its website is, well ... slight. But a prominent group of Silicon Valley investors who do know what Clinkle is cooking up are acting as though it has achieved a breakthrough. On Thursday, Clinkle announced that it had raised $25 million in early financing from Accel Partners; Andreessen Horowitz; Intel; Intuit; Marc Benioff, the chief executive of Salesforce.com; Peter Thiel, the co-founder of PayPal; and a long list of other investors with technology industry pedigrees. The Huffington Post has an article on Clinkle, or rather on Stanford students putting their degree on hold to go work at Clinkle. The Wall Street Journal [paywalled] mentions Clinkle having some 30-odd employees already."

Sometimes I wonder if they intentionally make this type of Tech just so Hackers can take advantage; and the company can get free advertisement. You know what they say, even bad advertisement is good advertisement. The sad part is people will buy this, just as sure as people building houses on unstable cliffs.

Seriously, after applying for an invite a long time ago, I finally got into Simple [simple.com] and started using it, and it really seems to be what banking should be with a great web/phone app. Now I have to sign up and wait for ANOTHER service that is going to replace my bank? - HEX

The problem here as I see it is that too many companies are fighting for this space, using illegal tactics.

For instance, even though my phone is capable of using Google Wallet, it won't work on the device because AT&T somehow gets a veto over using the app on my phone. Its all just data, encrypted and secured data, so why do carriers get to block this app? How is that not illegal restraint of trade?

I don't expect it to be any different with Clinkle. Too many players standing in the way.

For instance, even though my phone is capable of using Google Wallet, it won't work on the device because AT&T somehow gets a veto over using the app on my phone. Its all just data, encrypted and secured data, so why do carriers get to block this app? How is that not illegal restraint of trade?

In the early 1980's, major players in the American banking system invested heavily in the phone system. It was the reason the banks didn't replace the easily duplicated magnetic stripe card with the better security offered by the chip and pin process implemented in Europe at that time (which sadly was 40 years ago). We became a back water country with this technology do to corporate priorities. I see a reason for the problem you described if those type of investment relationships still exists today between

The grass always does seem greener doesn't it? In reality here in Europe and chip and pin has only been implemented for a decade or so and in most countries paying with the magnetic stripe has only been retired about a year ago.

The grass always does seem greener doesn't it? In reality here in Europe and chip and pin has only been implemented for a decade or so and in most countries paying with the magnetic stripe has only been retired about a year ago.

take a trip to usa and pay by magnetic stripe and write a confirmation signature with a stylus while nobody is watching and walk out of the shop(self service paying). it's like a trip to a parallel stupid high tech land.

It's the latest hot startup. There are probably at least a dozen different new systems in the last year from companies trying to be the new payment app. Why? Because they all want a piece of each transaction, which adds up to huge money.

And unless there is interoperability between all of them this scheme will not take off, but your average business rather kills off the competition to get the whole tiny pie instead of working together so each can take a piece of a huge global pie.

Oh boy, wow! Some guys managed to give a powerpoint presentation about releveraging cross-platform web enabled responsive 3.0 paradigms, and some students want to get rich quick, and they made a web page with far too much javascript that seems to be trying to implement some bullshit marketting strategy.

Tell me when they have a product ready. Or better yet, don't, because I'm not going to use it anyway.

And why exactly would I want a product where I have to provide my own terminal to run their code and use my own capped data to support their service? Can't imagine any benefit to the actual consumer over just using my plastic card.

And why exactly would I want a product where I have to provide my own terminal to run their code and use my own capped data to support their service? Can't imagine any benefit to the actual consumer over just using my plastic card.

Excuse me for asking, but what part of a cellphone or smartphone does NOT require you to supply your own terminal to run someone else's code and pay for your own bandwidth?

Come to think of it, it seems pretty clear that you didn't MAIL IN your post above, so you must have used your own terminal running Slashdot's javascript on your own bandwidth just to read and post here.

So why get so up in arms about this?

I would love not having to carry a wallet full of credit cards to get stolen, or even peeked at, and

Excuse me for asking, but what part of a cellphone or smartphone does NOT require you to supply your own terminal to run someone else's code and pay for your own bandwidth?

No part of my cell phone requires me to run anyone's code or to transfer someone's data. As matter of fact, my phone is not capable of running 3rd party code, and the data services (and SMS) on this account were blocked by AT&T by my request, from day zero, as a non-negotiable condition of purchase. I have no use for data on my cel

The additional benefit is to force credit card companies to provide the additional biometric data to confirm the identity of the user and end the lie of identity theft. Identity theft, is fraudulently applied charges by outlets against a person credit card, until such time as those outlets can prove they were defrauded. The lie of identity theft is used by credit card companies to criminally force the liability onto the card holder and not onto the credit card company and the outlets that make use of those

Huh? Credit cards don't force anything onto the card holder, they take the money from the merchant and reimburse the cardholder without questions. In fact, they'll almost certainly catch the transaction before it's finalized. Now merchants hate the arrangement but it's golden for customers.

You do not, by the way, get this with debit cards or most any other form of payment. Amusingly one of the problems with biometric protection is that it's assumed to be perfect so when it exists the blame is moved to the c

In fact, they'll almost certainly catch the transaction before it's finalized.

I totally agree with this sentiment. Actually my bank has a an oversensitive heuristic. On about 10% of all internet transactions I need to call up the bank for them to authorize the payment. And I know I got a good bank, when I can do that at 3 a.m. on a Sunday.

if done right. You go to restaurant. Get receipt. Create a one-off closed account with user ID and one-off GUID with exactly the amount of receipt+tip transferred from your actual bank account. Unlike with a card, you just hand the server the user ID+GUID. They never know your full name and credit card number. They can't swap your card with an imposter (plenty of cases where servers will do this if have a similar looking card). If they do decide malicious intent or accidentally mix up your GUID with another, then there is no problem; all that is in the temporary "account" is the exact money. The only thing that will tie them to your accounts is the user ID, and that will not be your direct online banking account, etc.; it will be the (Clinkle's) service. This is just a pipe dream of course, and I'm sure Clinkle's service is more open so that restaurants/etc. don't have to buy new hardware/software; it's probably only a fraction safer than actually giving your plastic card.

I would only start to be comfortable with this if they licensed their software to banks and let banks keep the records.

The scenario you describe has a gaping privacy hole in that Clinkle will have records of all your purchases. One national security letter or weakly anonymized marketing datbase sale later, and you're screwed.

Banks, at least, already have this information, so we're no worse off; and, banking as a whole is more strongly regulated than valley startups.

The scenario you describe has a gaping privacy hole in that Clinkle will have records of all your purchases. One national security letter or weakly anonymized marketing database sale later, and you're screwed.

Same for Visa and MasterCard. Unless you pay in cash money, you have already bought into having your dinner purchase somewhat public. Your bank, your restaurant's bank, your credit card company, and your restaurant's credit card clearing company all know this information and any Local Police Department can get all of that information on a whim, and the US government gets every single bit of it every single day of the year for every single citizen.

Let's not forget the ever present 'loyalty cards' that stores want you to use when you pay. This is simply a primary key into a juicy database full of everything you buy from every store and every form of retail outlet they have.

Over here in Aus they generally entice you with a tiny discount off your petrol when you spend or some flybuy points that you will never get enough of to actually fly anywhere on. The major supermarket chains also own most of the petrol stations, the liquor stores and god knows what

You go to restaurant. Get receipt. Create a one-off closed account with user ID and one-off GUID with exactly the amount of receipt+tip transferred from your actual bank account. Unlike with a card, you just hand the server the user ID+GUID. They never know your full name and credit card number.

Or, if you are not one of those thirty "odd employees," you just pay with cash. Or you use a temporary c/c number with limited funds - many banks offer this service for free. Or you walk with the server to the payment terminal. There are several ways to pay that do not involve a third party.

This whole thing is designed to appeal to geeks who enjoy fiddling with computers. However everyone else will find it bothersome. It is just another step where you can make a mistake. All those eWallet companies are solving a problem that does not exist for the vast majority of people - and even to some geeks. I, personally, have no need of that service. I also have no desire to include another set of crooks into the payment chain.

I'm sure Clinkle's service is more open so that restaurants/etc. don't have to buy new hardware/software; it's probably only a fraction safer than actually giving your plastic card.

Where would these numbers go that a patron hands over to the server? Do they just type it into a browser, in a place where thousands of patrons and workers come and go every single day? It only takes a record in the HOSTS file, and a self-signed certificate, to impersonate the service. Businesses pay for secure terminals because they are secure. A mere computer in a corner cannot be called secure, if all it takes to compromise is to insert a USB stick and run a script.

MS Security Essentials monitor the HOSTS file. However if you have physical access to the console you can always configure an exception. (I did, because I always have custom HOSTS files, because I have no DNS server on the LAN. (I have a couple of BBBs now to make one of them into a proper DNS server, but I still need to find time for that:-))

the problem with the proposal that you've created is that if the phone is hacked then any number of one-off closed accounts can be created and transferred from your "actual bank account". what this tells us is that the actual problem is the concept of trying to use a general-purpose processor which is capable of running unverifiably-complex general-purpose software as a method of payment. it.... just.... doesn't.... add... up.

You know what else works just as well as a credit card that is way smaller and lighter than a cell phone, never needs recharging, works literally everywhere and already has proven, well-established limited liability for theft? A fucking credit card.

Oh, and nice analysis editor:

Clinkle, a new mobile payments start-up, may or may not have succeeded...

Fundamentally, you are throwing around what in any sane world would be the most secret of secrets. To hack around that reality, financial institutions bear non-trivial amounts of risk and have to do a lot to do analytics to try to detect fraud. Even with all that, the cardholder must be always vigilant as their circumstance could fall through the cracks.

I've long been amazed that my email provider offers me more rigorous prevention of unautho

The dark and evil world that you envision presents no risk or tangible costs to me. My credit card company and Visa assume all of those risks. Sure, you might argue that there are hidden costs that are passed along to all customers when credit cards are used, but costs would hit me anyway, even if I just paid cash (and I don't get 1% back when I pay cash). And if you really think that way then let me assure you that Clinkle and it's investors are out to make a buck too, so in the end this will just mean hig

...they are bloody expensive! The consumer doesn't see most of this, but the merchants pay through the nose. A typical small business will pay around 3% of the total transaction to the credit card company, plus additional fees for payment processing, plus additional fees for certifications, plus...there's always another damned fee.

That could well represent the entire profit margin of a smaller business. Guess what, that means those costs are added into the price. Since most credit card contracts (at least in my country) explicitly prohibit giving a "cash discount" or anything else that would be to the disadvantage of credit card purchases, this means that there is no way out: everyone must pay the higher prices.

It's quite a racket, if you think about it: 3% of the top of a huge chunk of all consumer transactions. I dream of seeing some real competition in the payment processing market.

It's quite a racket, if you think about it: 3% of the top of a huge chunk of all consumer transactions.

How much are you spending on your c/c per year? Let's say $20K. This is a large sum of money, fit for a family guy with several children. (I don't spend that much.) 2% of that (often you get 1% back) would be $400.

Would you agree to carry, count and spend $20K in cash over the year if I promise to pay you $400? You will be in danger of losing the money, of being robbed, of miscounting not in your favor, and of not having enough cash on hand. Cash is dirty, having been in hands of lowest castes of the society, and it may carry diseases. Most of US cash carries traces of drugs, and that can attract attention of police dogs; the police will then be happy to tear your car apart.

The banks may be charging too much for the service; but from the POV of the consumer, the convenience is worth the cost. Is it a nice racket for the banks? Probably yes, it is. They inserted themselves into the payment chain, and it's all but impossible to extract them out of there.

The many eWallet providers (that always come and go) are not aiming for saving the world from the onerous 3%. They are aiming to collect those 3%. The world will be still paying the payment tax, one way or another. Those companies are not saviors; they are just the new generation of thieves who are trying to replace the prededing generation of thieves.

The many eWallet providers (that always come and go) are not aiming for saving the world from the onerous 3%. They are aiming to collect those 3%. The world will be still paying the payment tax, one way or another. Those companies are not saviors; they are just the new generation of thieves who are trying to replace the prededing generation of thieves.

This is the thing that annoys me most about the whole thing. I don't want any of them.

It's quite a racket, if you think about it: 3% of the top of a huge chunk of all consumer transactions. I dream of seeing some real competition in the payment processing market.

I'm sure this will have essentially the same fee structure and profit models as standard credit cards. The best long term hope for true competition payment processing is Bitcoin. With a mostly voluntary transaction fee of about $0.01 on any transaction including those across borders, it is secure, pseudo-anonymous, non-reversible, and there is no bank or government to deny access or confiscate funds. With greater adoption values should rise significantly with diminishing volatility until eventually a slo

Reportedly, miners are already configuring their systems to drop transactions that do not bring revenue. Days of BTC mining just for fun, done by a few nerds and a computer, are gone. Today you need to have an ASIC miner to keep up - and as soon as the network becomes faster, the difficulty level goes up, and the number of still available bitcoins continues to drop. Why would a miner mine anything say, ten years from now, when he needs a quantum computer (at a mere $10M price tag) to even get started? The

...they are bloody expensive! The consumer doesn't see most of this, but the merchants pay through the nose. A typical small business will pay around 3% of the total transaction to the credit card company, plus additional fees for payment processing, plus additional fees for certifications, plus...there's always another damned fee.

That could well represent the entire profit margin of a smaller business. Guess what, that means those costs are added into the price. Since most credit card contracts (at least i

You know what else works just as well as a credit card that is way smaller and lighter than a cell phone, never needs recharging, works literally everywhere and already has proven, well-established limited liability for theft?

Cash.

Plus, you have the benefit of not having your purchases become part of a massive database to be misused by powerful and evil forces.

I'd like to see some innovations in payment methods that still leave the shopper with a little bit of privacy protection.

You know what else works just as well as a credit card that is way smaller and lighter than a cell phone, never needs recharging, works literally everywhere and already has proven, well-established limited liability for theft?

Cash.

Plus, you have the benefit of not having your purchases become part of a massive database to be misused by powerful and evil forces.

I'd like to see some innovations in payment methods that still leave the shopper with a little bit of privacy protection.

Granted. However, I use my no-fee CC for most purchases and pay it off every month so using is like using cash but negates me having to carry/restock my wallet with much cash. I accept the privacy loss of using a CC for the additional theft protection and convenient. I'm sure Clinkle will charge comparable service fees and mine people's purchase data as well. (Shareholders gotta profit.)

Truth be told, I was more peeved about the "may or may not" in the summary. "May" implies "may not"... grrrr:-)

However, I use my no-fee CC for most purchases and pay it off every month so using is like using cash but negates me having to carry/restock my wallet with much cash. I accept the privacy loss of using a CC for the additional theft protection and convenient.

By using C/C you also are creating plausible deniability for your other purchases that you may not want to become known. Your spending pattern will remain the same, of an innocent person. You go to the same grocery stores, you buy gas at the same sta

You know what else works just as well as a credit card that is way smaller and lighter than a cell phone, never needs recharging, works literally everywhere and already has proven, well-established limited liability for theft? A fucking credit card.

We live in an age, where people are so addicted to their smartphones, that everything needs done with a smartphone in their eyes.

The whole premise is silly, because most people assume that everyone only has one credit card. I have 4, and have my finances categorized. One card for gasoline, one for general household, one for house related purchases, and one for general living - meals, hotels, business expenses. I can't imagine that is all that rare.

The catch is they don't even have a web site yet. Just a steadily growing mailing list that they'll send out progress reports to until they get a working product. Why on earth anyone would ever sign up for one, I have no idea. But that's what it is.

Next thing, they demand I upgrade my browser. That's my business; it's their business to design their website to use HTML standards.

It's part of the Silicon Valley startup douchebag mindset. They're innovators. They're moving forward. They are progress. They don't want to be tied down to legacy modes and archaic systems. In other words, they have no concept of graceful fallback and only

Or! It's part of the mindset that decides it's a better idea to stop supporting old browsers. Whatever their motive, it's their motive. Maybe they want to save money in customer service because they don't want to have to deal with someone like my dad using their product.

Do these jerks seriously expect people to sign on after a start like that?

Those guys are idiots. This kind of PR is not cheap. They're spending all their newfound investment money on slashadvertisments and huffingtonadvertisements before they even made a properly functioning web site.

what's the very next article right here on slashdot? an article about how the inventor of PGP cannot properly implement ZRTP, a security application for smart phones. clinkle - starting from scratch - on a payment system for smart phones, making it a high-profile target. this is going to end well.

I don't think I ever want a payment system to be in the hands of one single company. In the Netherlands (Europe even) all banks adopted the same standard for electronic debit payments and this works fine. Credit cards are basically in the hands of two companies, MasterCard and Visa, and this sucks because they behave as monopolists.

IMHO an electronic payment system can only starts as a co-operation between many banks/governments or... bottom up, with some open specification invented by people like you.

It's a phone-based credit company with technology that nearly no one understands, and it's quickly raised $25 million. Why does that sound suspicious? Is that charged to Andreessen's phone bill alone? I hope some of it doesn't appear on my elderly mom's phone bill next month.

Server comes to my table with a wireless credit card machine, swipes it in front of me and hands me back my card. I review the amount and scribble a signature.Easy as can be

Many places don't even require the signature any longer

My bank handles any fraudulent charges on my behalf, no risk to me

Contrast that to other payment systems, like PayPal, where your money is taken by PayPal and not returned for 6 months. Or a fraudulent use requires jumping through multiple hoops to try to get your money back. Ever

Why does my wallet need replacing? It does everything I need it to, and more importantly, it allows me to control my money via more physical means. I'm fine with swiping cards. Cash is fine too. The best part about it is I don't have to give my info to another third party who is going to find ways to take my money.

is obviously not to be trusted with that position. That's anyone. Meaning "anyone", not meaning "anyone but you, latest inventor of a wallet application".

Whatever happened to that thing called cash, by the way? I seem to be using it more and more, and my plastic less and less these days. not that I ever used plastic for more than about 15% of my expenditure.

Here's a guess: its just the bitcoin code with new blocks assigned to a limited set of inside corporations.
ie: Its the same as bitcoin but only the owners can make new coins.
Reasoning: bitcoin works. Paypal is interested in bitcoin. But bitcoin removes the means of production away from central authority. With coin production centralized, these corporations could ensure eternal significance and revenue through generation of bitcoins and transaction fees. And this group would estabilish the rules of the b